Malware incremental training and detection method based on neural network smooth aggregation mechanism

doi:10.11835/j.issn.1000.582X.2024.06.009

Home > Archive>Volume 47, Issue 6, 2024 >86-93. DOI:10.11835/j.issn.1000.582X.2024.06.009

Malware incremental training and detection method based on neural network smooth aggregation mechanism
DOI:
                        10.11835/j.issn.1000.582X.2024.06.009
                    
CSTR:
                        [cstr]
                    
Author:
                        GUO ZhiminGUO Zhimin
State Grid Henan Electric Power Research Institute，Zhengzhou 450000, P. R. China
Find this author on All Journals
Find this author on BaiDu
Search for this author on this site
CHEN CenCHEN Cen
State Grid Henan Electric Power Research Institute，Zhengzhou 450000, P. R. China
Find this author on All Journals
Find this author on BaiDu
Search for this author on this site
LI NuannuanLI Nuannuan
State Grid Henan Electric Power Research Institute，Zhengzhou 450000, P. R. China
Find this author on All Journals
Find this author on BaiDu
Search for this author on this site
CAI JunfeiCAI Junfei
State Grid Henan Electric Power Research Institute，Zhengzhou 450000, P. R. China
Find this author on All Journals
Find this author on BaiDu
Search for this author on this site
ZHANG ZhengZHANG Zheng
State Grid Henan Electric Power Research Institute，Zhengzhou 450000, P. R. China
Find this author on All Journals
Find this author on BaiDu
Search for this author on this site

                    
Affiliation:State Grid Henan Electric Power Research Institute，Zhengzhou 450000, P. R. China
Clc Number:
Fund Project:Supported by the Science and Technology Project of State Grid Corporation of China(5700-202024193A-0-0-00).

Article

Figures

Metrics

Reference [14]

Related [20]

Cited by

Materials

Comments

Abstract:

To ensure the timeliness of malware variant detection models, traditional machine (deep) learning-based detection methods integrate historical and incremental data and retrain to update detection models. However, this approach often suffers from low training efficiency. Therefore, this paper proposes an incremental learning method based on a neural network smooth aggregation mechanism for detecting malware variants, facilitating the smooth evolution of detection models. The method introduces a training scale factor to prevent the decrement of accuracy in the aggregated incremental model due to small training scales. Experimental results show that the proposed incremental learning method can improve training efficiency while maintaining the accuracy of the detection model compared to the re-training method.

Key words:malware variants detection;incremental learning;neural network;model aggregation

Reference

[1] Jeon S, Moon J. Malware-detection method with a convolutional recurrent neural network using opcode sequences[J]. Information Sciences, 2020, 535: 1-15.

[2] Zhao Y T, Cui W J, Geng S N, et al. A malware detection method of code texture visualization based on an improved faster RCNN combining transfer learning[J]. IEEE Access, 2020, 8: 166630-166641.

[3] Taheri R, Ghahramani M, Javidan R, et al. Similarity-based android malware detection using Hamming distance of static binary features[J]. Future Generation Computer Systems, 2020, 105: 230-247.

[4] Usman N, Usman S, Khan F, et al. Intelligent dynamic malware detection using machine learning in IP reputation for forensics data analytics[J]. Future Generation Computer Systems, 2021, 118: 124-141.

[5] Khan S, Akhunzada A. A hybrid DL-driven intelligent SDN-enabled malware detection framework for Internet of Medical Things (IoMT)[J]. Computer Communications, 2021, 170: 209-216.

[6] Bakour K, ünver H M. DeepVisDroid: android malware detection by hybridizing image-based features with deep learning techniques[J]. Neural Computing and Applications, 2021, 33(18): 11499-11516.

[7] Suaboot J, Tari Z, Mahmood A, et al. Sub-curve HMM: a malware detection approach based on partial analysis of API call sequences[J]. Computers & Security, 2020, 92: 101773.

[8] Zhang J X, Qin Z, Yin H, et al. A feature-hybrid malware variants detection using CNN based opcode embedding and BPNN based API embedding[J]. Computers and Security, 2019, 84(C): 376-392.

[9] 陈志锋, 李清宝, 张平, 等. 基于数据特征的内核恶意软件检测[J]. 软件学报, 2016, 27(12): 3172-3191.Chen Z F, Li Q B, Zhang P, et al. Data characteristics-based kernel malware detection[J]. Journal of Software, 2016, 27(12): 3172-3191.(in Chinese)

[10] 杨欢, 张玉清, 胡予濮, 等. 基于多类特征的Android应用恶意行为检测系统[J]. 计算机学报, 2014, 37(1): 15-27.Yang H, Zhang Y Q, Hu Y P, et al. A malware behavior detection system of android applications based on multi-class features[J]. Chinese Journal of Computers, 2014, 37(1): 15-27.(in Chinese)

[11] 冀甜甜,方滨兴,崔翔,等. 深度学习赋能的恶意代码攻防研究进展[J]. 计算机学报,2021,44(4): 669-695.Ji T T, Fang B X, Cui X, et al. Research on deep learning-powered malware attack and defense techniques[J]. Chinese Journal of Computers, 2021, 44(4): 669-695.(in Chinese)

[12] 杨吉云, 陈钢, 鄢然, 等. 一种基于系统行为序列特征的Android恶意代码检测方法[J]. 重庆大学学报, 2020, 43(9): 54-63.Yang J Y, Chen G, Yan R, et al. An android malware detection method based on system behavior sequences[J]. Journal of Chongqing University, 2020, 43(9): 54-63.(in Chinese)

[13] 李苑, 王国胤, 李智星, 等. 基于序列注意力机制的卷积神经网络异常检测[J]. 郑州大学学报(理学版), 2019, 51(2): 17-22.Li Y, Wang G Y, Li Z X, et al. A sequential attention based convolutional neural network for anomaly detection[J]. Journal of Zhengzhou University (Natural Science Edition), 2019, 51(2): 17-22.(in Chinese)

[14] Kudugunta S, Ferrara E. Deep neural networks for bot detection[J]. Information Sciences, 2018, 467: 312-322.

Get Citation

郭志民,陈岑,李暖暖,蔡军飞,张铮.基于神经网络平滑聚合机制的恶意代码增量训练及检测[J].重庆大学学报,2024,47(6):86~93

Copy

Article Metrics

Abstract:
PDF:
HTML:
Cited by:

History

Received:May 12,2022
Revised:
Adopted:
Online: July 02,2024
Published:

Home

Get Citation

Related Videos

Share

Article Metrics

History

Article QR Code